Certainly. The one from the repos is compiled with the OpenSSL version also from the repos, so it makes sense that ig you use a different OpenSSL version, you need a different PKCS#11 engine too.
Certainly. The one from the repos is compiled with the OpenSSL version also from the repos, so it makes sense that ig you use a different OpenSSL version, you need a different PKCS#11 engine too.
hi,
sorry for replying late, now i able to load the module opensc-pcs11.so after installing the rebuild version of pkcs11 engine and when i was about to create the certificate, it couldn't load the libpkcs11.so from the path, so i copied engine_pkcs11.so the directory /usr/local/lib/engines/ as libpkcs11.so as it needs to be there, but when i again tried creating certificate i get the following error,
OpenSSL> req -new -x509 -days 365 -keyform engine -engine pkcs11 -key id_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -out mysmartcard.cert.pem
unable to load module (null)
can't use that engine
3070696:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed:eng_table.c:174:
no engine specified
unable to load Private Key
error in req
again it shows unable to load the module, here i thought i could ask you before i go further....
many thanks,
D.
hi,
now i can load pkcs11 engine and module opensc-pkcs11.so, i get the following errors when i tried creating certificates,
Organizational Unit Name (eg, section) []:testbed
Common Name (eg, YOUR name) [CA_dhinu]:CA_dhinu
Email Address [d.gunasekaran@gmail.com]:d.gunasekaran@gmail.com
problems making Certificate Request
10197736:error:0B07807C:x509 certificate routines:X509_PUBKEY_set:method not supported:x_pubkey.c:112:
Segmentation fault
i didn't get any clue to come out of this, i would like to hear from you regarding this...
thanks in advance,
Dhinu.
It worked for me but I compiled OpenSSL 1.0 and the PKCS#11 engine from source. Maye there's a problem with the package you've been using.
hello, i'm back again.
the smartcard setup for my home machines is productive a while now, and i'm more than happy with the results. just to give an example: without the smart card i would have needed my 3 year old to memorize a password like
"3DQEBAQUAA4GNADCBiQKBgQClRLcuudoW62NzWO7s/HSMqhjR
edFkxqxKdTuNksi+oCG5QDmZtzOuAX5eCtXLKiAyt8cSNQWUhO lS9jK/5vpwMyee
+qWQuh2jA0wfi6eoNIWGz5ZdjDn/b2BwvsOZUtpNKOtMwnce"
it's better with the pin for sure. thanks again.
now i would like to make the setup complete. the only thing missing is the full disk encryption, or encrypted lvm. truecrypt was great with windows & pre-boot auth, which is sadly not available for linux.
i googled and googled several times, but the only reference of a working setup i found here http://blog.fraggod.net/2010/4/LUKS-...-via-smartcard is obviously too high level for me.
thus, i encourage Bachstelze, or anyone else being a Jedi of this subject to share the details of a possible setup. i would be glad to test and use it if someone could lead me through the steps.
(as far i see this is the same point to which the owners of gooze.eu got)
I am not really familiar with FDE yet so don't expect anything about it from me any time soon, I don't really have the time to go through it now.
you know you won't see me giving up this near to the finish line.
i can wait another few years, maybe in the meantime someone will come up with a working setup.
thanks anyway for letting know.
Great How-to, I made it work. However this is a local authentication.
Does anyone know how to get it work with Kerberos authentication? I have a windows server with the CA installed there. I would like to know how to specify the domain, the server IP adress and the rest of settings. Does anyone know how to do that or provide maybe a source describing how to do that in the web?
Bookmarks